Welcome to the wonderful world of USA air travel. I had been warned.
I knew what I was getting into. But I was naive. Or perhaps just stupid.
But I'm wiser now. I rarely make the same mistakes twice. Well, there
was that little problem back in '95 with US Customs, but that was an
honest mistake and I'm sure they've forgotten all about that by now.
Besides, they can't prove anything. They might suspect me, but they
sure as hell can't prove anything. Note to self: keep in touch with
those lawyer friends, just in case you need them.

Today's journey may have begun before dawn, but the educational experience
started last week when I was booking
this morning's trip. Victoria, my travel agent, was very helpful on the
phone and
gave me many options. Even after my initial plans to fly down on Saturday
for a weekend in San Jose with friends fell through, she still had options
for me. Before my plans changed, the flying charges were going to be $700
(all monetary values in this article are Canadian unless otherwise specified;
your mileage may vary; do not try this at home; do not operate heavy equipment).
But as I wasn't staying over for a weekend and it was a short notice booking
(i.e. < 7 days), things were going to change.
One of Victoria's options was flying with Air Canada, but their fare
structure dictated a charge of $2700.

Or, I could fly with NorthWest
and it would be only CAD$700. Sure, it meant a 5:50 AM flight from Ottawa.
And a trip to Detroit. On a turboprop, operated by Mesaba Aviation. As
this was my first trip paid for by my new employers, I selected the less
expensive option.

When I told my boss, Ron, about the booking, he laughed and told me that
NorthWest was the airline he'd stopped using because of delays and reroutings. He only
used Air Canada now. I listened but took no action. Now I wish I had done
something.

I awoke at 3:55 AM today. Five minutes before my alarm was to go off. I now
regret missing that five minutes of sleep. Sure it was dark. But the birds
were busy with their pre-dawn chorus. I struggled out of bed, deactivated
the alarm lest it awaken others in the household, had a shower, and ate
something to get me going. At 4:30 AM I wandered outside to find my cab waiting.
20 minutes later, after an $18 trip to the airport, through deserted streets
that occasionally showed signs of life, I arrived at a bright but very quiet
airport.

The first hint of trouble arrived when I didn't know where to check in. This
was my first international departure from Ottawa. But I was directed to the
second floor where I found my airline. As with most incidents in life, I
didn't recognize the first signs of trouble. But it was there. If only
in hindsight.

The next lovely interlude was a pen
that didn't work. Mine. So much for filling in the US Customs form whilst
waiting in the queue. I borrowed a pen at the desk. The check-in person
did manage to find me a window seat. Bravo!

The next interesting situation was the differing opening times of the various
airport sections. Although we could walk into the airport and check in,
we couldn't go through the security section or into Customs until 5 AM. So
we stood there waiting. Patiently.

I arrived in the departure lounge and started up my laptop so that I could
catch up on my USENET reading (specifically, comp.risks). After ten minutes
of reading, my laptop started beeping. Rather loudly. The poor thing was
screaming out in pain as the battery died. Embarrassed and eager
to silence this rather loud monster before the other passengers started to
throw heavy items in my direction, I hastily typed "shutdown -h now" and
waited for another 4 or 5 rather loud beeps before it died. I was most
impressed with my hasty yet correct typing and I thanked my high school
typing teacher as I fished another
battery from my bag and again started reading.

Then, at about 5:30 AM, we were told that the pilot had requested that the
boarding process be delayed because of a mechanical problem. They were
working on it and we would be informed ASAP. By now, alarm bells should
have been ringing in my head.

During my comp.risks browsing, I came across an interesting article
regarding anomalies in the Wyoming license regulations
with respect to federal law and Social Security Numbers. It was rather
amusing to read about the ways in which Federal and State law sometimes
contradict or conflict with each other. It was then with delight that
I found it was written by Brett Glass.

At 5:55 AM, it was announced that the flight had been cancelled and would
everyone please report to the desk to be rebooked. Having seated myself
rather close to the desk, I wound up third in line. I'm going to be booked
onto a 9 AM flight to Chicago, then to San Jose. I'll arrive at 2 PM instead
of my expected 11 AM. I'll miss my lunch with my co-worker Richard
and the first hour of the conference. Lovely.

7:50 AM

It's now 7:50 AM and I need to make some phone calls. I have no email access
here, so I'll call Eric and ask him to email Richard to let him know I'm going
to be late. I would phone Richard, but it's 4:50 AM there, and I'm sure he'd
rather not know just now.

8:30 AM

I have been rebooked onto an American Airlines flight to Chicago. I don't
even have Patti's email address or phone number. I haven't seen her since
July 1995 at the start of my big road trip south to New Orleans and then
north to Vancouver. That was a wonderful summer. I'll email her when I
return and let her know I was in town....

The good news is that I will get to San Jose. Only at 2:06 PM instead of
11 AM. This is annoying on two counts. First, I'm going to be late to the
conference. Second, I'm going to miss out on the lunch with Richard, during
which we would have been able to discuss the conference and what approach
we could take in order to get the most out of the event. Third, and much
more important than the other two items combined, I could have stayed in
bed for three hours.

9:17 AM

Actually, my watch says it's 8:37, but I've already changed that to
Chicago time. My body says it's very early still. Now that I'm on the plane
and somewhere between Chicago and Toronto, I'm beginning to get sleepy. I
can sleep on planes, buses, trains, and cars (although not often while driving).
My body seems to take the constant noise and sense of motion as a signal that
I'm back in the womb and the best thing I can do is sleep. I think I'll
do just that. Now.

11:50 AM Chicago time

I'm in the air again. It seems like whenever the airlines find three big guys
on the same flight, they seat them all in the same row. Right beside each
other. And by big, I don't mean obese. I mean 6ft+, 220lbs big. Here we are,
the three of us, stuck in the back row of an American Airlines Boeing 737 bound
for San Jose. Compare that with the Fokker I flew in from Ottawa to Chicago.
I was in seat 12E, but when I got there, I spotted an empty exit row just a
few seats back. That's where I sat. And who should be on either side of my
original but now empty seat? Two attractive women. Good planning, Dan.
Avoid the women, sit by yourself. Then get a seat between two guys. Talk
about a fun trip.

There could be worse things, I suppose. At least the flight isn't rough so far.
And I had a killer feed of McD's outside gate L1 at O'Hare. I knew you could
upsize your meals, but this place, as do others I'm sure, had two levels of
upsizing. You could get Large and EXTRA LARGE. This was the biggest
order of fries I've ever seen. And the Coke must have been 750ml. Umm,
for those of you not yet metric, which should be only Americans, that's about
three quarters of a quart. I shall not be eating the in-flight meal.

FreshPorts

It appears as if the new FreshPorts box is coming along nicely. I left it
running some disk benchmarks (see benchmarks/bonnie++). That isn't because
I want to know how fast the disk is. It's because I want to exercise the
disk. I failed to purchase the recently released disk walking kit, complete
with leash, watering bowl, and feed dish. So I figured the next best thing
was to provide it with some in-place exercises. Much like those electronic
exercise machines which jolt and contract your muscles via an electric pulse.
If a disk is going to fail, it will often fail early on. In the first few
hours. Otherwise, it will probably live to a ripe old age, then die on you
after you've become backup-complacent and when you least expect it.

Of course, I'll be checking back in on that box from time to time,
just to see how it's doing. The basement has become quite hot lately with
the added heat of the NT box, the W2000 box from work, the gateway, the new
FreshPorts box, and the laptop. Combined, they are putting out quite a few
extra watts. And you can tell that just from walking into the basement.

Speaking of watts, I am most impressed with this new power supply I bought.
I can't recall the name, but remind me and I'll add it later. This ATX PSU
has an extra long power cable leading from the box to the motherboard. It
must be at least three feet long. There are also at least four power cables
for those disks, fans, and DVD devices of yours. The PSU itself has two
fans. One is the fan which is present in most PSUs. That's the one you
can see when you look at the back of your computer. It pulls air out of
the case. The other fan faces downwards into the body of the case. This
fan pulls the air out of the case and into the PSU, thereby allowing the
first fan to expel it out of the case. These two fans are both ball bearing
fans. They should last forever (touch wood). An added bonus is that both
fans are quiet. Very quiet. I think they are thermal driven. I think the two
CPU fans are louder. I know the box is quieter than any of my other boxes,
with, perhaps, the exception of the Toshiba desktop provided by my employer.

I like this PSU so much, if I ever build a box from scratch, I'll be sure
to use this one!

Late Arrivals

I did manage to speak to Richard while I was in Chicago. Barring any
last minute interruptions he will be attending the first couple of hours
of the conference. That's good, because I'll be missing them. The next time
I attend a conference, I'll do what I've always done in the past: show up the
day before. It'll cost an extra night, but it will be worth it not to miss
anything. Richard will be wearing his Ponte t-shirt. That's the only way
I'll recognize him.

I don't think I mentioned that the new FreshPorts box was given to me by
Jake Burkholder, one of the FreeBSD committers. He had no further use
for it. It had been given to him by David O'Brien, another committer.
Remind me to ask David where he got this dual P220. Regardless of the
source, I'd like to have the proper attribution on the
contributions page.

Laptop security

I am sure that this topic alone is worth a separate article. The security
precautions one takes with a laptop are probably not the same as those you
would take with a desktop box. As Mark Murray put it at
FreeBSD Con 1999, security involves
a combination of securing both the network and the machines on it. While
I was waiting in the Ottawa lounge (for 4 hours), one of the tasks I undertook
was to compile a new kernel. I added the following options to my kernel
configuration file:

ipfilter_enable="YES" # Set to YES to enable ipfilter functionality
ipmon_enable="YES" # Set to YES for ipmon; needs ipfilter, too!

And into /etc/ipf.rules, I placed these rules:

pass in proto tcp/udp from any to any
pass out from any to any

BUT DON'T DO THAT! Those rules are useless. Ensure you use a proper set
of rules. Have a look at my ipfilter
page for the link to the How-To page. When I get to the convention, one
of the first things I'll do after I get logged into one of their access
points will be to ssh to home and grab my rules from there. In the meantime,
I've gone into /etc/inetd.conf and deactivated everything. And
I mean everything. I'm sure there are still a few things running which I
should be worried about, but I'm willing to take the risk for now.
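
For comparison with the two rules above, here is a default-deny ruleset for a laptop on an untrusted wireless network. It is an added example, not the ruleset from my ipfilter page or the How-To; the interface name wi0 is assumed from the rc.conf discussion below, and lo0 is the usual loopback interface.

```conf
# /etc/ipf.rules -- constructed example for a roaming laptop.
#
# The two rules quoted in the article,
#   pass in proto tcp/udp from any to any
#   pass out from any to any
# accept every inbound TCP and UDP packet, so any service that is still
# listening stays reachable from the network.
#
# ipf checks a packet against every rule and the LAST match wins, unless
# a rule carries "quick", which ends the evaluation at that rule.

# Loopback traffic is always allowed.
pass in  quick on lo0 all
pass out quick on lo0 all

# Outbound: allow what the laptop itself starts and record state, so
# that replies are matched against the state table instead of the rules.
pass out quick on wi0 proto tcp  from any to any flags S keep state
pass out quick on wi0 proto udp  from any to any keep state
pass out quick on wi0 proto icmp from any to any keep state

# Inbound: the laptop offers no services. Packets that do not belong to
# a state entry created above are dropped and logged (read with ipmon).
block in log quick on wi0 all

# Anything on any other interface that matched nothing above is dropped.
block in  all
block out all
```

Check the file with `ipf -n -f /etc/ipf.rules`, which parses the rules without loading them, then load it with `ipf -Fa -f /etc/ipf.rules` and list the active rules with `ipfstat -io`.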

The other main changes I made were to /etc/pccard.conf and
/etc/rc.conf files.

The main change is to use the access control point (1=BSS mode) instead
of going into peer-to-peer mode (3=ad-hoc mode). The other change was to
use the service set "DMTF".

The changes I made to /etc/rc.conf were similar. I specified
that wi0 should be configured via DHCP. Now that I think of it, perhaps
that step is unnecessary. Remind me to check that. Here are the changed
lines:

Of course, none of these changes have been put to the test. Yet. That,
according to my last known schedule, which is at the whim of the airlines
and subject to change, should happen sometime in the next 5 hours.

As I've said before, watch this space.

Power on password

With a laptop, I think it might be a good idea to remove the ability
to boot into single user mode. If someone can gain physical access to your box
they can easily boot the box, drop into single user mode and have complete
access to everything on your box.

You might also want to consider using this strategy for boxes which are
outside your security sphere. For example, boxes housed at your ISP, or
anywhere else where you cannot control physical access to the box. I think,
and haven't checked, that if you remove the two following options from
your kernel configuration, you will also remove the ability to
enter single user mode during the boot phase.

Don't go overboard. Being paranoid and security conscious is a good idea.
But I certainly don't think it's appropriate to remove these features from
each and every one of your boxes. Remember, these features are only available
from the console.
And if you can't control console access, you have bigger
problems than worrying about booting into single user mode. Of course, not
everyone shares my viewpoint. I don't care. That's what freedom of
choice is all about. If it comes right down to it, I think you're better off
concentrating on your firewall rules first. Then, perhaps, if you have nothing
else to do, and all your books have been dusted, your bills alphabetised,
and your flea collection arranged, then, and only then, can you be truly ready
to worry about such things.

Finally

I'm here. I made it. The DoubleTree shuttle arrived at the airport shuttle
stop just minutes after I walked outside. And it's only a 5-10 minute ride to
the hotel. Very convenient. I arrived at about 2:30. I checked in, had a
quick shower, and reported to the conference. It was almost break time, so
I decided to wait until after the break before seeking a position inside the
hall. As luck would have it, I found untaken seats in the front row, on the
right, with a power point so I could plug in the laptop.

Based on what I saw during the second half of the talk, I'm not sorry I missed
the first half. It was fairly dry material with some insights, but not enough
practical examples. It's a bit like teaching someone C by describing the
syntax but never showing them any code. Sure, you're teaching them something.
But they aren't learning much. I learn well by example. I'm sure that the
workshops on Tuesday and Wednesday will be more practical.

I so much wanted to go for a run tonight and clear my head after today. But by
the time I had a beer, I was too beat to bother.